From 4a95b316779dd5ea7a66bb1e69a4b622d400daf6 Mon Sep 17 00:00:00 2001
From: ddl-ebrown
Date: Thu, 11 Jul 2024 20:51:17 -0700
Subject: [PATCH] Formalize oidc_client_secret in flyte-admin-secrets
- When setting up integrations with an IdP like Keycloak, the oidc_client_secret must also be set in flyte-admin-secrets. Formalize that and make it more discoverable
Signed-off-by: ddl-ebrown
---
 charts/flyte-core/templates/admin/secret.yaml | 4 ++++
 deployment/eks/flyte_aws_scheduler_helm_generated.yaml | 1 +
 deployment/eks/flyte_helm_controlplane_generated.yaml | 1 +
 deployment/eks/flyte_helm_generated.yaml | 1 +
 deployment/gcp/flyte_helm_controlplane_generated.yaml | 1 +
 deployment/gcp/flyte_helm_generated.yaml | 1 +
 deployment/sandbox/flyte_helm_generated.yaml | 1 +
 7 files changed, 10 insertions(+)
diff --git a/charts/flyte-core/templates/admin/secret.yaml b/charts/flyte-core/templates/admin/secret.yaml
index 2b3ca07885..9ab5edbaf3 100644
--- a/charts/flyte-core/templates/admin/secret.yaml
+++ b/charts/flyte-core/templates/admin/secret.yaml
@@ -13,6 +13,7 @@ data:
 cookie_hash_key: {{ index $secret.data "cookie_hash_key" }}
 cookie_block_key: {{ index $secret.data "cookie_block_key" }}
 claim_symmetric_key: {{ index $secret.data "claim_symmetric_key" }}
+ oidc_client_secret: {{ index $secret.data "oidc_client_secret" }}
 {{- else }}
 token_rsa_key.pem: |
 {{ genPrivateKey "rsa" | b64enc }}
@@ -22,6 +23,9 @@ stringData:
 cookie_hash_key: {{ randAlphaNum 64 | b64enc | quote }}
 cookie_block_key: {{ randAlphaNum 32 | b64enc | quote }}
 claim_symmetric_key: {{ randAlphaNum 32 | b64enc | quote }}
+{{- if .Values.secrets.adminOauthClientCredentials.enabled }}
+ oidc_client_secret: {{ .Values.secrets.adminOauthClientCredentials.clientSecret | quote }}
+{{- end }}
 {{- end }}
 {{- with .Values.flyteadmin.secrets -}}
 {{ tpl (toYaml .) $ | nindent 2 }}
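Review bot: In the first hunk, the reuse branch copies `oidc_client_secret` straight out of `$secret.data`, so a Secret created before this key existed yields an empty value and `clientSecret` from values is never consulted. `$secret` is defined above the hunk and presumably comes from a `lookup` of the live Secret; if so, every upgraded release takes this path. A fallback keeps upgrades working, e.g. `oidc_client_secret: {{ index $secret.data "oidc_client_secret" | default (.Values.secrets.adminOauthClientCredentials.clientSecret | b64enc) }}`, ideally under the same `enabled` guard the `stringData` branch uses. The enclosing `if`/`else` starts outside the hunk.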
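Review bot: In the second hunk, the new `oidc_client_secret` line accepts whatever `clientSecret` holds, and all six generated manifests in this patch render it as `"foobar"`, so the chart default looks like a placeholder that ships unless the operator overrides it. Wrapping the value in `required`, e.g. `oidc_client_secret: {{ required "secrets.adminOauthClientCredentials.clientSecret must be set" .Values.secrets.adminOauthClientCredentials.clientSecret | quote }}`, together with an empty default in values.yaml (not part of this patch), would make an unconfigured install fail at render time instead of deploying a guessable client secret. Separately, the `with .Values.flyteadmin.secrets` block right below appends to the same mapping, so installs that already pass `oidc_client_secret` there would presumably emit the key twice.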
diff --git a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml index 35f1f2d53e..0ad5237b37 100644 --- a/deployment/eks/flyte_aws_scheduler_helm_generated.yaml +++ b/deployment/eks/flyte_aws_scheduler_helm_generated.yaml @@ -63,6 +63,7 @@ stringData: cookie_hash_key: "QkszemVLWGdFU3h5UlhVS0JuU0oyWUNHcUNUdnhwQ2w2RTJsQktaR3gwcFg3MldNMGY0eFE0Z2VWS0t0bHp2QQ==" cookie_block_key: "TVhSV3dVZjZlYkduQWtWWlFVZENkcE13bWpqYnk3NE8=" claim_symmetric_key: "RkptQ1dJODJvTGk0NGphb1ZSVWRpb1RZbEFaWHBIZTQ=" + oidc_client_secret: "foobar" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/eks/flyte_helm_controlplane_generated.yaml b/deployment/eks/flyte_helm_controlplane_generated.yaml index d898ef1b66..352a449da0 100644 --- a/deployment/eks/flyte_helm_controlplane_generated.yaml +++ b/deployment/eks/flyte_helm_controlplane_generated.yaml @@ -53,6 +53,7 @@ stringData: cookie_hash_key: "VlY3UEcxNFY2SFFLeUpucUdxSnRSNFJUbnpyOVNnaXZjOEZnMHF4NU4zaDFBaDhPT3FhMU9BaHREU05UWExhRw==" cookie_block_key: "WXk3WDFQb2w2MFhTRjdCa3ZsTDNqVlNjTDBmOFN3aVY=" claim_symmetric_key: "cEVhdGFUNzRMOVFlZnBScVlDOVJ6SVBoZXE4dEpPRDg=" + oidc_client_secret: "foobar" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/eks/flyte_helm_generated.yaml b/deployment/eks/flyte_helm_generated.yaml index 023662ae54..f5a48db44e 100644 --- a/deployment/eks/flyte_helm_generated.yaml +++ b/deployment/eks/flyte_helm_generated.yaml @@ -75,6 +75,7 @@ stringData: cookie_hash_key: "SmVNNUxQb0NmbG40VDFnTlF2TmtuRTBMNHJHNG9qRG5UNmQ5aGRqdGRoZ05GWE5uZUViS2trVm5IT2k3OGRRNA==" cookie_block_key: "bnB5NlBudHFleHB1WUx2SWRDd1RYR09IY1BpaUxVZUo=" claim_symmetric_key: "WUlJN0NyRmhaaFpGQVVUZXc3bnRSTTJoS1hnTVMzMUU=" + oidc_client_secret: "foobar" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 
diff --git a/deployment/gcp/flyte_helm_controlplane_generated.yaml b/deployment/gcp/flyte_helm_controlplane_generated.yaml index 65b20fe81e..bbb8c8b43f 100644 --- a/deployment/gcp/flyte_helm_controlplane_generated.yaml +++ b/deployment/gcp/flyte_helm_controlplane_generated.yaml @@ -53,6 +53,7 @@ stringData: cookie_hash_key: "YUZoeEtEcGJsZUs3SkVzaWxIM1U4dEZ0bUIyV1I2cVpQbThBcHJaQVloSlJySGQ4bkpGVk54RGhPQ0Jzc085eA==" cookie_block_key: "SXFrNnhZRzBodklheWxHM1lDd3VhbkdqcjRmdjFkSUo=" claim_symmetric_key: "U3ZWSjRhTVk5RFhXb0VnRGFJQXNqbzZKWDY3aWp5b2I=" + oidc_client_secret: "foobar" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/gcp/flyte_helm_generated.yaml b/deployment/gcp/flyte_helm_generated.yaml index 701f3ebaf2..533a22dd85 100644 --- a/deployment/gcp/flyte_helm_generated.yaml +++ b/deployment/gcp/flyte_helm_generated.yaml @@ -75,6 +75,7 @@ stringData: cookie_hash_key: "Q0FnZkdlcHhGYUlTbkxYTGtSazk5ZDRjb1ByeGQ4YmdiWHhQM2lTZEc0M0ZRbGVFRUJCNmk1WUFUdEU3SXpZUQ==" cookie_block_key: "RHhtQkhTcmRUZGh6bjZMcWZuZTlNaGdWcTZiWGR4TkY=" claim_symmetric_key: "d0VFNU1wZ2Uyc1FvcTNDbXd4ZHJsSmtYVmE2SGd6M0s=" + oidc_client_secret: "foobar" --- # Source: flyte-core/templates/common/secret-auth.yaml apiVersion: v1 diff --git a/deployment/sandbox/flyte_helm_generated.yaml b/deployment/sandbox/flyte_helm_generated.yaml index 3efa2119ff..6fea345be5 100644 --- a/deployment/sandbox/flyte_helm_generated.yaml +++ b/deployment/sandbox/flyte_helm_generated.yaml @@ -123,6 +123,7 @@ stringData: cookie_hash_key: "ZThram5lbkxybTdSeDhHbGM2VDVtckRVZUo3MVo3M1l5b0JGWGVpY1dCN3R1QmZMbWJDNEhkZHFvdnRkenNNOA==" cookie_block_key: "UnlrWEt3NkkxRUQyN055N2tuMG9kQnRwV2JZdkZvVGg=" claim_symmetric_key: "MXcwb2ZpZWx4VmxqczcxalBGM0o2SzlOU1p3TkNvMXk=" + oidc_client_secret: "foobar" --- # Source: flyte/charts/flyte/templates/common/secret-auth.yaml apiVersion: v1